Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-10206

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-01 Jun, 2026 | 00:15
Updated At-01 Jun, 2026 | 12:07
Rejected At-
Credits

D-Link DI-8400 dbsrv.asp stack-based overflow

A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The initial researcher advisory mentions contradicting parameter names to be affected.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:01 Jun, 2026 | 00:15
Updated At:01 Jun, 2026 | 12:07
Rejected At:
â–¼CVE Numbering Authority (CNA)
D-Link DI-8400 dbsrv.asp stack-based overflow

A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The initial researcher advisory mentions contradicting parameter names to be affected.

Affected Products
Vendor
D-Link CorporationD-Link
Product
DI-8400
CPEs
  • cpe:2.3:h:d-link:di-8400:*:*:*:*:*:*:*:*
Versions
Affected
  • 16.07.26A1
Problem Types
TypeCWE IDDescription
CWECWE-121Stack-based Buffer Overflow
CWECWE-119Memory Corruption
Type: CWE
CWE ID: CWE-121
Description: Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-119
Description: Memory Corruption
Metrics
VersionBase scoreBase severityVector
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
2.09.0N/A
AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Version: 2.0
Base score: 9.0
Base severity: N/A
Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
Zheng (VulDB User)
Timeline
EventDate
Advisory disclosed2026-05-31 00:00:00
VulDB entry created2026-05-31 02:00:00
VulDB entry last update2026-05-31 08:45:49
Event: Advisory disclosed
Date: 2026-05-31 00:00:00
Event: VulDB entry created
Date: 2026-05-31 02:00:00
Event: VulDB entry last update
Date: 2026-05-31 08:45:49
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/vuln/367486
vdb-entry
technical-description
https://vuldb.com/vuln/367486/cti
signature
permissions-required
https://vuldb.com/cve/CVE-2026-10206
third-party-advisory
https://vuldb.com/submit/821716
third-party-advisory
https://github.com/666324/dlink-di8400-vuln/tree/main/dlink-di8400-vuln
exploit
https://www.dlink.com/
product
Hyperlink: https://vuldb.com/vuln/367486
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/vuln/367486/cti
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/cve/CVE-2026-10206
Resource:
third-party-advisory
Hyperlink: https://vuldb.com/submit/821716
Resource:
third-party-advisory
Hyperlink: https://github.com/666324/dlink-di8400-vuln/tree/main/dlink-di8400-vuln
Resource:
exploit
Hyperlink: https://www.dlink.com/
Resource:
product
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:01 Jun, 2026 | 01:16
Updated At:01 Jun, 2026 | 15:15

A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The initial researcher advisory mentions contradicting parameter names to be affected.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.4HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary2.09.0HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
Type: Secondary
Version: 4.0
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 2.0
Base score: 9.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-119Primarycna@vuldb.com
CWE-121Primarycna@vuldb.com
CWE ID: CWE-119
Type: Primary
Source: cna@vuldb.com
CWE ID: CWE-121
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/666324/dlink-di8400-vuln/tree/main/dlink-di8400-vulncna@vuldb.com
N/A
https://vuldb.com/cve/CVE-2026-10206cna@vuldb.com
N/A
https://vuldb.com/submit/821716cna@vuldb.com
N/A
https://vuldb.com/vuln/367486cna@vuldb.com
N/A
https://vuldb.com/vuln/367486/cticna@vuldb.com
N/A
https://www.dlink.com/cna@vuldb.com
N/A
Hyperlink: https://github.com/666324/dlink-di8400-vuln/tree/main/dlink-di8400-vuln
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/cve/CVE-2026-10206
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/submit/821716
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/vuln/367486
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/vuln/367486/cti
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://www.dlink.com/
Source: cna@vuldb.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1698Records found
CVE-2025-5572
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-1.22% / 79.39%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 06:00
Updated-06 Jun, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DCS-932L setSystemEmail stack-based overflow

A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file /setSystemEmail. The manipulation of the argument EmailSMTPPortNumber leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dcs-932ldcs-932l_firmwareDCS-932L
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-13547
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.16% / 37.00%
||
7 Day CHG~0.00%
Published-23 Nov, 2025 | 11:02
Updated-02 Dec, 2025 | 03:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-822K/DWR-M920 formDdns memory corruption

A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-822kdwr-m920dir-822k_firmwaredwr-m920_firmwareDIR-822KDWR-M920
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-13549
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.08% / 23.80%
||
7 Day CHG~0.00%
Published-23 Nov, 2025 | 12:02
Updated-02 Dec, 2025 | 03:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-822K formNtp sub_455524 buffer overflow

A vulnerability was found in D-Link DIR-822K 1.00. This issue affects the function sub_455524 of the file /boafrm/formNtp. Performing manipulation of the argument submit-url results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-822k_firmwaredir-822kDIR-822K
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-13548
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.15% / 35.12%
||
7 Day CHG~0.00%
Published-23 Nov, 2025 | 11:32
Updated-02 Dec, 2025 | 03:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow

A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-822kdwr-m920dir-822k_firmwaredwr-m920_firmwareDIR-822KDWR-M920
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-13551
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.27% / 50.26%
||
7 Day CHG~0.00%
Published-23 Nov, 2025 | 13:02
Updated-02 Dec, 2025 | 03:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-822K/DWR-M920 formWanConfigSetup buffer overflow

A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-822kdwr-m920dir-822k_firmwaredwr-m920_firmwareDIR-822KDWR-M920
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-13189
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.12% / 30.04%
||
7 Day CHG~0.00%
Published-15 Nov, 2025 | 06:02
Updated-20 Nov, 2025 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-816L gena.cgi genacgi_main stack-based overflow

A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. This affects the function genacgi_main of the file gena.cgi. The manipulation of the argument SERVER_ID/HTTP_SID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-816ldir-816l_firmwareDIR-816L
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-13304
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.59% / 69.48%
||
7 Day CHG~0.00%
Published-17 Nov, 2025 | 22:32
Updated-08 Dec, 2025 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow

A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.

Action-Not Available
Vendor-D-Link Corporation
Product-dwr-m920dir-825mdwr-m960dwr-m921dwr-m920_firmwaredwr-m921_firmwaredwr-m961_firmwaredir-825m_firmwaredwr-m960_firmwaredwr-m961DWR-M921DWR-M960DWR-M920DIR-825MDWR-M961
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-13305
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.59% / 69.66%
||
7 Day CHG~0.00%
Published-17 Nov, 2025 | 23:02
Updated-08 Dec, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow

A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.

Action-Not Available
Vendor-D-Link Corporation
Product-dwr-m920dir-825mdwr-m960dwr-m921dwr-m920_firmwaredwr-m921_firmwaredwr-m961_firmwaredir-825m_firmwaredwr-m960_firmwaredwr-m961DWR-M921DWR-M960DWR-M920DIR-825MDIR-822K
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-8260
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.02% / 6.77%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 01:15
Updated-12 May, 2026 | 19:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DCS-935L HNAP Service hnap_service SetDeviceSettings buffer overflow

A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dcs-935ldcs-935l_firmwareDCS-935L
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-10779
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.27% / 50.28%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 03:02
Updated-25 Sep, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DCS-935L HNAP1 sub_402280 stack-based overflow

A vulnerability was found in D-Link DCS-935L up to 1.13.01. The impacted element is the function sub_402280 of the file /HNAP1/. The manipulation of the argument HNAP_AUTH/SOAPAction results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dcs-935ldcs-935l_firmwareDCS-935L
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-11339
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.50% / 66.16%
||
7 Day CHG~0.00%
Published-06 Oct, 2025 | 16:32
Updated-19 Nov, 2025 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DI-7100G C1 jhttpd hi_block.asp sub_4BD4F8 buffer overflow

A vulnerability has been found in D-Link DI-7100G C1 up to 20250928. This issue affects the function sub_4BD4F8 of the file /webchat/hi_block.asp of the component jhttpd. The manipulation of the argument popupId leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-di-7100g_c1_firmwaredi-7100g_c1DI-7100G C1
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-4842
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.50% / 66.37%
||
7 Day CHG~0.00%
Published-17 May, 2025 | 23:00
Updated-04 Jun, 2025 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DCS-932L ucp isUCPCameraNameChanged stack-based overflow

A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. This vulnerability affects the function isUCPCameraNameChanged of the file /sbin/ucp. The manipulation of the argument CameraName leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dcs-932l_firmwaredcs-932lDCS-932L
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11959
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-4.95% / 89.83%
||
7 Day CHG~0.00%
Published-28 Nov, 2024 | 14:31
Updated-04 Dec, 2024 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-605L formResetStatistic buffer overflow

A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-605l_firmwaredir-605lDIR-605Ldir-605l
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-11960
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-4.95% / 89.83%
||
7 Day CHG~0.00%
Published-28 Nov, 2024 | 14:31
Updated-04 Dec, 2024 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-605L formSetPortTr buffer overflow

A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-605l_firmwaredir-605lDIR-605Ldir-605l
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-11047
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.15% / 35.22%
||
7 Day CHG-0.01%
Published-10 Nov, 2024 | 03:31
Updated-13 Nov, 2024 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DI-8003 upgrade_filter.asp upgrade_filter_asp stack-based overflow

A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been declared as critical. Affected by this vulnerability is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-di-8003_firmwaredi-8003DI-8003di-8003_firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-7289
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.05% / 16.83%
||
7 Day CHG+0.01%
Published-28 Apr, 2026 | 15:01
Updated-30 Apr, 2026 | 13:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-825M formWanConfigSetup sub_414BA8 buffer overflow

A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-825m_firmwaredir-825mDIR-825M
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-7288
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.05% / 16.83%
||
7 Day CHG+0.01%
Published-28 Apr, 2026 | 14:46
Updated-30 Apr, 2026 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-825M formVpnConfigSetup sub_4151FC buffer overflow

A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-825m_firmwaredir-825mDIR-825M
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-7855
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.02% / 3.80%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 18:30
Updated-06 May, 2026 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DI-8100 HTTP Request tggl.asp tggl_asp buffer overflow

A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tggl_asp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of the argument Name results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-di-8100_firmwaredi-8100DI-8100
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-5982
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.04% / 12.16%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:30
Updated-13 Apr, 2026 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-605L POST Request formAdvNetwork buffer overflow

A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file /goform/formAdvNetwork of the component POST Request Handler. Performing a manipulation of the argument curTime results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-DIR-605L
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-6014
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.12% / 30.86%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 04:30
Updated-30 Apr, 2026 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-513 POST Request formAdvanceSetup buffer overflow

A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-513dir-513_firmwareDIR-513
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-5983
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.04% / 12.16%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:45
Updated-14 Apr, 2026 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-605L POST Request formSetDDNS buffer overflow

A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-DIR-605L
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-6013
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.09% / 25.85%
||
7 Day CHG-0.03%
Published-10 Apr, 2026 | 04:15
Updated-30 Apr, 2026 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-513 POST Request formSetRoute buffer overflow

A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-513dir-513_firmwareDIR-513
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-5981
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.04% / 12.16%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:15
Updated-13 Apr, 2026 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-605L POST Request formAdvFirewall buffer overflow

A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform/formAdvFirewall of the component POST Request Handler. Such manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-DIR-605L
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-11048
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.15% / 35.22%
||
7 Day CHG-0.01%
Published-10 Nov, 2024 | 04:00
Updated-13 Nov, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DI-8003 dbsrv.asp dbsrv_asp stack-based overflow

A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been rated as critical. Affected by this issue is the function dbsrv_asp of the file /dbsrv.asp. The manipulation of the argument str leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-di-8003_firmwaredi-8003DI-8003di-8003_firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-4342
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.94% / 76.56%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:31
Updated-13 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-600L formEasySetupWizard3 buffer overflow

A vulnerability, which was classified as critical, has been found in D-Link DIR-600L up to 2.07B01. Affected by this issue is the function formEasySetupWizard3. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-600ldir-600l_firmwareDIR-600L
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-5815
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.11% / 28.71%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 23:15
Updated-27 Apr, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-645 hedwig.cgi hedwigcgi_main stack-based overflow

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-DIR-645
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-4442
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.94% / 76.56%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 23:31
Updated-13 May, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-605L formSetWAN_Wizard55 buffer overflow

A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetWAN_Wizard55. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-605ldir-605l_firmwareDIR-605L
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-4451
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.93% / 76.47%
||
7 Day CHG~0.00%
Published-09 May, 2025 | 01:00
Updated-13 May, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-619L formSetWAN_Wizard52 buffer overflow

A vulnerability has been found in D-Link DIR-619L 2.04B04 and classified as critical. Affected by this vulnerability is the function formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-619ldir-619l_firmwareDIR-619L
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-4450
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.93% / 76.47%
||
7 Day CHG~0.00%
Published-09 May, 2025 | 01:00
Updated-13 May, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-619L formSetEasy_Wizard buffer overflow

A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.04B04. Affected is the function formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-619ldir-619l_firmwareDIR-619L
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-5980
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.04% / 12.16%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:00
Updated-13 Apr, 2026 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-605L POST Request formSetMACFilter buffer overflow

A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-DIR-605L
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-4347
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-1.15% / 78.86%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 10:31
Updated-07 May, 2025 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-600L formWlSiteSurvey buffer overflow

A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been declared as critical. Affected by this vulnerability is the function formWlSiteSurvey. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-DIR-600L
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-4346
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-1.15% / 78.86%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 10:00
Updated-07 May, 2025 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-600L formSetWAN_Wizard534 buffer overflow

A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been classified as critical. Affected is the function formSetWAN_Wizard534. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-DIR-600L
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-5979
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.04% / 12.16%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 20:45
Updated-13 Apr, 2026 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-605L POST Request formVirtualServ buffer overflow

A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-DIR-605L
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-5984
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.02% / 3.59%
||
7 Day CHG-0.01%
Published-09 Apr, 2026 | 22:00
Updated-30 Apr, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-605L POST Request formSetLog buffer overflow

A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formSetLog of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-605l_firmwaredir-605lDIR-605L
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-6012
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.04% / 12.16%
||
7 Day CHG-0.01%
Published-10 Apr, 2026 | 04:00
Updated-30 Apr, 2026 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-513 POST Request formSetPassword buffer overflow

A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-513dir-513_firmwareDIR-513
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-5212
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.14% / 33.37%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 20:15
Updated-03 Apr, 2026 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DNS-1550-04 webdav_mgr.cgi Webdav_Upload_File stack-based overflow

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function Webdav_Upload_File of the file /cgi-bin/webdav_mgr.cgi. The manipulation of the argument f_file leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dns-320lwdns-322l_firmwaredns-1100-4_firmwaredns-345dnr-326_firmwaredns-327ldns-326_firmwarednr-326dns-327l_firmwaredns-321_firmwaredns-322ldns-320_firmwaredns-120dns-321dns-343dns-315l_firmwaredns-315ldns-340ldnr-202ldns-320lw_firmwaredns-325_firmwaredns-1550-04_firmwaredns-120_firmwaredns-320ldns-1200-05dns-726-4_firmwaredns-1200-05_firmwaredns-726-4dns-320l_firmwaredns-1550-04dns-325dns-323_firmwaredns-343_firmwaredns-340l_firmwaredns-323dns-326dnr-202l_firmwaredns-345_firmwaredns-320dns-1100-4DNS-321DNS-323DNS-1550-04DNS-1100-4DNS-327LDNR-202LDNS-320LWDNR-322LDNS-345DNS-320DNS-1200-05DNS-340LDNS-320LDNS-326DNR-326DNS-315LDNS-726-4DNS-325DNS-120DNS-343
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-5024
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.02% / 3.59%
||
7 Day CHG~0.00%
Published-29 Mar, 2026 | 02:45
Updated-30 Mar, 2026 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-513 formSetEmail stack-based overflow

A vulnerability was found in D-Link DIR-513 1.10. This issue affects the function formSetEmail of the file /goform/formSetEmail. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-513_firmwaredir-513DIR-513
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-5211
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.04% / 12.16%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 19:30
Updated-02 Apr, 2026 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DNS-1550-04 app_mgr.cgi UPnP_AV_Server_Path_Del stack-based overflow

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This vulnerability affects the function UPnP_AV_Server_Path_Del of the file /cgi-bin/app_mgr.cgi. Executing a manipulation of the argument f_dir can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dns-320lwdns-322l_firmwaredns-1100-4_firmwaredns-345dnr-326_firmwaredns-327ldns-326_firmwarednr-326dns-327l_firmwaredns-321_firmwaredns-322ldns-320_firmwaredns-120dns-321dns-343dns-315l_firmwaredns-315ldns-340ldnr-202ldns-320lw_firmwaredns-325_firmwaredns-1550-04_firmwaredns-120_firmwaredns-320ldns-1200-05dns-726-4_firmwaredns-1200-05_firmwaredns-726-4dns-320l_firmwaredns-1550-04dns-325dns-323_firmwaredns-343_firmwaredns-340l_firmwaredns-323dns-326dnr-202l_firmwaredns-345_firmwaredns-320dns-1100-4DNS-321DNS-323DNS-1550-04DNS-1100-4DNS-327LDNR-202LDNS-320LWDNR-322LDNS-345DNS-320DNS-1200-05DNS-340LDNS-320LDNS-326DNR-326DNS-315LDNS-726-4DNS-325DNS-120DNS-343
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-5213
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.04% / 12.16%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 20:15
Updated-02 Apr, 2026 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DNS-1550-04 account_mgr.cgi cgi_adduser_to_session stack-based overflow

A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function cgi_adduser_to_session of the file /cgi-bin/account_mgr.cgi. This manipulation of the argument read_list causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-D-Link Corporation
Product-dns-320lwdns-322l_firmwaredns-1100-4_firmwaredns-345dnr-326_firmwaredns-327ldns-326_firmwarednr-326dns-327l_firmwaredns-321_firmwaredns-322ldns-320_firmwaredns-120dns-321dns-343dns-315l_firmwaredns-315ldns-340ldnr-202ldns-320lw_firmwaredns-325_firmwaredns-1550-04_firmwaredns-120_firmwaredns-320ldns-1200-05dns-726-4_firmwaredns-1200-05_firmwaredns-726-4dns-320l_firmwaredns-1550-04dns-325dns-323_firmwaredns-343_firmwaredns-340l_firmwaredns-323dns-326dnr-202l_firmwaredns-345_firmwaredns-320dns-1100-4DNS-321DNS-323DNS-1550-04DNS-1100-4DNS-327LDNR-202LDNS-320LWDNR-322LDNS-345DNS-320DNS-1200-05DNS-340LDNS-320LDNS-326DNR-326DNS-315LDNS-726-4DNS-325DNS-120DNS-343
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-5214
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.04% / 12.16%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 21:15
Updated-02 Apr, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DNS-1550-04 account_mgr.cgi cgi_addgroup_get_group_quota_minsize stack-based overflow

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function cgi_addgroup_get_group_quota_minsize of the file /cgi-bin/account_mgr.cgi. The manipulation of the argument Name results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dns-320lwdns-322l_firmwaredns-1100-4_firmwaredns-345dnr-326_firmwaredns-327ldns-326_firmwarednr-326dns-327l_firmwaredns-321_firmwaredns-322ldns-320_firmwaredns-120dns-321dns-343dns-315l_firmwaredns-315ldns-340ldnr-202ldns-320lw_firmwaredns-325_firmwaredns-1550-04_firmwaredns-120_firmwaredns-320ldns-1200-05dns-726-4_firmwaredns-1200-05_firmwaredns-726-4dns-320l_firmwaredns-1550-04dns-325dns-323_firmwaredns-343_firmwaredns-340l_firmwaredns-323dns-326dnr-202l_firmwaredns-345_firmwaredns-320dns-1100-4DNS-321DNS-323DNS-1550-04DNS-1100-4DNS-327LDNR-202LDNS-320LWDNR-322LDNS-345DNS-320DNS-1200-05DNS-340LDNS-320LDNS-326DNR-326DNS-315LDNS-726-4DNS-325DNS-120DNS-343
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-4555
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.05% / 14.51%
||
7 Day CHG+0.01%
Published-22 Mar, 2026 | 16:51
Updated-03 Apr, 2026 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-513 boa formEasySetTimezone memory corruption

A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-513_firmwaredir-513DIR-513
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-4529
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.10% / 27.43%
||
7 Day CHG~0.00%
Published-21 Mar, 2026 | 23:02
Updated-30 Apr, 2026 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DHP-1320 SOAP redirect_count_down_page stack-based overflow

A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_count_down_page of the component SOAP Handler. Such manipulation leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dhp-1320dhp-1320_firmwareDHP-1320
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-4486
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.11% / 28.26%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 14:02
Updated-03 Apr, 2026 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-513 Web Service formEasySetPassword stack-based overflow

A vulnerability was found in D-Link DIR-513 1.10. This affects the function formEasySetPassword of the file /goform/formEasySetPassword of the component Web Service. The manipulation of the argument curTime results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-513_firmwaredir-513DIR-513
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-4211
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.07% / 21.30%
||
7 Day CHG~0.00%
Published-16 Mar, 2026 | 03:32
Updated-19 Mar, 2026 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DNS-1550-04 local_backup_mgr.cgi Local_Backup_Info stack-based overflow

A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this issue is the function Local_Backup_Info of the file /cgi-bin/local_backup_mgr.cgi. This manipulation of the argument f_idx causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

Action-Not Available
Vendor-D-Link Corporation
Product-dns-320lwdns-322l_firmwaredns-1100-4_firmwaredns-345dnr-326_firmwaredns-327ldns-326_firmwarednr-326dns-327l_firmwaredns-321_firmwaredns-322ldns-320_firmwaredns-120dns-321dns-343dns-315l_firmwaredns-315ldns-340ldnr-202ldns-320lw_firmwaredns-325_firmwaredns-1550-04_firmwaredns-120_firmwaredns-320ldns-1200-05dns-726-4_firmwaredns-1200-05_firmwaredns-726-4dns-320l_firmwaredns-1550-04dns-325dns-323_firmwaredns-343_firmwaredns-340l_firmwaredns-323dns-326dnr-202l_firmwaredns-345_firmwaredns-320dns-1100-4DNS-321DNS-323DNS-1550-04DNS-1100-4DNS-327LDNR-202LDNS-320LWDNR-322LDNS-345DNS-320DNS-1200-05DNS-340LDNS-320LDNS-326DNR-326DNS-315LDNS-726-4DNS-325DNS-120DNS-343
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-4214
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.07% / 21.30%
||
7 Day CHG~0.00%
Published-16 Mar, 2026 | 04:32
Updated-19 Mar, 2026 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DNS-1550-04 app_mgr.cgi UPnP_AV_Server_Path_Setting stack-based overflow

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function UPnP_AV_Server_Path_Setting of the file /cgi-bin/app_mgr.cgi. Executing a manipulation can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dns-320lwdns-322l_firmwaredns-1100-4_firmwaredns-345dnr-326_firmwaredns-327ldns-326_firmwarednr-326dns-327l_firmwaredns-321_firmwaredns-322ldns-320_firmwaredns-120dns-321dns-343dns-315l_firmwaredns-315ldns-340ldnr-202ldns-320lw_firmwaredns-325_firmwaredns-1550-04_firmwaredns-120_firmwaredns-320ldns-1200-05dns-726-4_firmwaredns-1200-05_firmwaredns-726-4dns-320l_firmwaredns-1550-04dns-325dns-323_firmwaredns-343_firmwaredns-340l_firmwaredns-323dns-326dnr-202l_firmwaredns-345_firmwaredns-320dns-1100-4DNS-321DNS-323DNS-1550-04DNS-1100-4DNS-327LDNR-202LDNS-320LWDNR-322LDNS-345DNS-320DNS-1200-05DNS-340LDNS-320LDNS-326DNR-326DNS-315LDNS-726-4DNS-325DNS-120DNS-343
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-4213
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.09% / 25.73%
||
7 Day CHG~0.00%
Published-16 Mar, 2026 | 04:02
Updated-19 Mar, 2026 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DNS-1550-04 gui_mgr.cgi cgi_myfavorite_verify stack-based overflow

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This vulnerability affects the function cgi_myfavorite_del_user/cgi_myfavorite_verify of the file /cgi-bin/gui_mgr.cgi. Performing a manipulation results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dns-320lwdns-322l_firmwaredns-1100-4_firmwaredns-345dnr-326_firmwaredns-327ldns-326_firmwarednr-326dns-327l_firmwaredns-321_firmwaredns-322ldns-320_firmwaredns-120dns-321dns-343dns-315l_firmwaredns-315ldns-340ldnr-202ldns-320lw_firmwaredns-325_firmwaredns-1550-04_firmwaredns-120_firmwaredns-320ldns-1200-05dns-726-4_firmwaredns-1200-05_firmwaredns-726-4dns-320l_firmwaredns-1550-04dns-325dns-323_firmwaredns-343_firmwaredns-340l_firmwaredns-323dns-326dnr-202l_firmwaredns-345_firmwaredns-320dns-1100-4DNS-321DNS-323DNS-1550-04DNS-1100-4DNS-327LDNR-202LDNS-320LWDNR-322LDNS-345DNS-320DNS-1200-05DNS-340LDNS-320LDNS-326DNR-326DNS-315LDNS-726-4DNS-325DNS-120DNS-343
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-4212
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.07% / 21.30%
||
7 Day CHG~0.00%
Published-16 Mar, 2026 | 03:32
Updated-19 Mar, 2026 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DNS-1550-04 download_mgr.cgi Downloads_Schedule_Info stack-based overflow

A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function Downloads_Schedule_Info of the file /cgi-bin/download_mgr.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dns-320lwdns-322l_firmwaredns-1100-4_firmwaredns-345dnr-326_firmwaredns-327ldns-326_firmwarednr-326dns-327l_firmwaredns-321_firmwaredns-322ldns-320_firmwaredns-120dns-321dns-343dns-315l_firmwaredns-315ldns-340ldnr-202ldns-320lw_firmwaredns-325_firmwaredns-1550-04_firmwaredns-120_firmwaredns-320ldns-1200-05dns-726-4_firmwaredns-1200-05_firmwaredns-726-4dns-320l_firmwaredns-1550-04dns-325dns-323_firmwaredns-343_firmwaredns-340l_firmwaredns-323dns-326dnr-202l_firmwaredns-345_firmwaredns-320dns-1100-4DNS-321DNS-323DNS-1550-04DNS-1100-4DNS-327LDNR-202LDNS-320LWDNR-322LDNS-345DNS-320DNS-1200-05DNS-340LDNS-320LDNS-326DNR-326DNS-315LDNS-726-4DNS-325DNS-120DNS-343
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-4188
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.07% / 20.81%
||
7 Day CHG~0.00%
Published-15 Mar, 2026 | 19:32
Updated-22 Apr, 2026 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-619L boa formSchedule stack-based overflow

A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-DIR-619L
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-3978
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.05% / 14.51%
||
7 Day CHG~0.00%
Published-12 Mar, 2026 | 03:32
Updated-16 Mar, 2026 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-513 formEasySetupWizard3 stack-based overflow

A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-513_firmwaredir-513DIR-513
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-2928
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.03% / 9.42%
||
7 Day CHG~0.00%
Published-22 Feb, 2026 | 05:02
Updated-27 Feb, 2026 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DWR-M960 WLAN Encryption Configuration Endpoint formWlEncrypt sub_452CCC stack-based overflow

A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_452CCC of the file /boafrm/formWlEncrypt of the component WLAN Encryption Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dwr-m960_firmwaredwr-m960DWR-M960
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 33
  • 34
  • Next
Details not found